Data Security for SaaS Providers

Baffle provides record level encryption for multi-tenant SaaS

Rise of SaaS as Integral Part of Enterprise IT

The shift to cloud-based software delivery has revolutionized how enterprises use software. Instead of investing in costly infrastructure and hiring a team of application administrators, enterprises can now turn to software-as-a-service (SaaS) providers to offer the same functionality through the web without the headaches of deployment and administration. For most enterprises, the cost benefit of using SaaS is clear, but many are still hesitant to switch due to the potential security and compliance risks. In fact, in a survey of CIOs, security and compliance represented the top 2 of 3 barriers for adopting cloud services.

Key Security Concerns when Adopting SaaS

In a climate of increasing data privacy and governance regulations, enterprises want more security assurances from SaaS providers before they are willing to use software services that handle sensitive data. They want to understand how their data is protected, who can access that data, and what happens in the event of a data breach. Ultimately, enterprises want to retain control of their data assets. Since SaaS providers often rely on 3rd party platform services, providing customers with this level of assurance is extremely challenging. Even if the SaaS provider fully own the backend infrastructure and platform, customers are still concerned about the potential for backend administrators to access their data. Ideally, SaaS providers should be able to tell their customers that only the customers themselves will ever have access to their data.

“Baffle is a critical piece of the ecosystem - we’re building AWS KMS key management into the core of our platform, where customers can bring in this key material and manage it, and then using those keys in Baffle. No large-scale architectural overhauls, no multiple databases per tenant, none of that. Our development time is instead being spent adding even more value via other critical enhancements, and Baffle allows us to execute on that vision.”

Global SaaS provider serving Fortune 500 enterprise clients

How Baffle Helps

COMPLY WITH PRIVACY REGULATIONS

Drive regulatory compliance faster using Baffle’s “no code” solution. Baffle uses industry standard AES encryption to protect data at the field and record level ensuring that HIPAA, GDPR and HITRUST requirements can be met.

OVERCOME CLOUD SECURITY OBJECTIONS

Implementing encryption can be costly and difficult, but your customers require it and the objections slow down your sales cycle. Baffle is implemented via a no code data abstraction layer that simplifies application-level encryption to deliver strong security that will help you sail through security reviews.

The expansion of compliance requirements for data that is not in a customer’s on-premise environment is inevitable. Is your company ready? As we start the New Year, security remains a top enterprise concern. And why not? Data breaches are becoming bigger, bolder and more widespread…

SANTA CLARA, Calif.–(BUSINESS WIRE)–Baffle, an advanced data protection company, today announced the United States Patent and Trademark Office awarded the company a patent for its innovative and unique approach to processing data on untrusted computers. The patent is titled “Systems and Processes for Executing Private…